• E-mail
• Print
• RSS

PPV: Now is the time to revisit your organization’s security program

EHR Connection, February 18, 2008

Now that CMS has contracted with Pricewaterhouse-Coopers (PwC) to conduct security audits of covered entities, healthcare organizations face the prospect of preemptive, third-party compliance evaluations for the first time in HIPAA history.

PwC may audit to determine overall security preparedness or to verify implementation of corrective action plans in response to a complaint, says Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services.

Because PwC will target covered entities against which there are already security complaints, avoiding the scrutiny of a CMS complaint investigation will become increasingly important. This requires prevention, communication, and preparation for the worst-case scenario.

The top five complaints CMS has received, in descending order, are:

• Information access management
• Security awareness and training
• Access control
• Workstation use
• Device and media controls/security incident procedures

This is one "top five" list you want to avoid. Click here to learn how you can be proactive and update your security plan.

The cost is $10. Briefings on HIPAA subscribers can sign on for free access.

• E-mail to a Colleague
• Print
• RSS
• Archive